Desktop icons rearrange after removing virus


  • This topic is locked
25 replies to this topic

#1 krtate

    Advanced Member

  • Full Member
  • 171 posts

Posted 14 August 2012 - 08:13 PM

I found a password virus on my computer and, from what I can tell, removed it. I had my desktop icons arranged in a particular order and now they are rearranged and I cannot keep them arranged in my order. Every time I reboot they are sorted again. Would like help figuring out what the problem is. Thank you.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
KEKLR :: KEKLR-PC [administrator]

8/12/2012 11:53:23 PM
mbam-log-2012-08-12 (23-53-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199837
Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\KEKLR\AppData\Local\HP\fcmlguzl.dll (Spyware.Password) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HP (Spyware.Password) -> Data: RUNDLL32.EXE C:\Users\KEKLR\AppData\Local\HP\fcmlguzl.dll,GetImporterInterface -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\KEKLR\AppData\Local\HP\fcmlguzl.dll (Spyware.Password) -> Delete on reboot.
C:\Users\KEKLR\0.0997886597555977.exe (Exploit.Drop.UR.2) -> Quarantined and deleted successfully.

(end)
Cleaned log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
KEKLR :: KEKLR-PC [administrator]

8/13/2012 12:08:53 AM
mbam-log-2012-08-13 (00-08-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199498
Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I didn't run the DDS, I don't know how to disable script blocker.


Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 29
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.75
Google Chrome 21.0.1180.79
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

Edited by krtate, 14 August 2012 - 08:22 PM.


#2 cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 15 August 2012 - 11:09 AM

Hello krtate.

For your moving Desktop icons:
Right-click an empty area in the Desktop. Select 'View' and uncheck 'Auto arrange icons'. Let me know if that solves the problem or not.

It's important to update your Java.
Updating Java:
  • Go here and download the latest version of Java.
  • Go to Start -> Control Panel -> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    They should have this icon next to any that are there: Posted Image
    Select any found and choose Uninstall.
  • Then install the version you downloaded earlier.

Then please download DDS.com to your Desktop - it's the same program. Double-click to run it and please copy and post its log, DDS.txt.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#3 krtate

Posted 15 August 2012 - 05:16 PM

Auto Arrange was not checked.

I did not disable script block as I didn't know how. Below is log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by KEKLR at 19:08:24 on 2012-08-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2206 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\fxssvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.c...lt&ltmplcache=2
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/60.08/uploader2.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 204.186.80.229 216.144.187.101 216.144.187.199
TCP: Interfaces\{AFE4A105-7E52-4CB0-9CAE-18A1828C5361} : DhcpNameServer = 204.186.80.229 216.144.187.101 216.144.187.199
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\KEKLR\AppData\Roaming\Mozilla\Firefox\Profiles\rtqcgnqa.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym&rl=1
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Users\KEKLR\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot64.sys --> C:\Windows\system32\drivers\pavboot64.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-9 228408]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-16 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 250056]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-16 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-30 113120]
S3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw1v64.sys --> C:\Windows\system32\DRIVERS\NETw1v64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-08-15 23:05:35 -------- d-----w- C:\Program Files (x86)\Oracle
2012-08-15 23:05:18 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F5CCB3D-01FA-4851-97F4-142F9F5B66EF}\mpengine.dll
2012-08-15 23:05:11 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-15 01:26:31 33800 ----a-w- C:\Windows\System32\drivers\pavboot64.sys
2012-08-14 10:16:02 9133488 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-13 04:21:36 -------- d-----w- C:\Users\KEKLR\AppData\Roaming\SUPERAntiSpyware.com
2012-08-13 03:50:59 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-08-13 03:50:58 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-08-02 01:21:10 -------- d-----w- C:\Users\KEKLR\AppData\Local\HP
.
==================== Find3M ====================
.
2012-08-04 20:45:31 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-04 20:45:30 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 19:08:59.93 ===============

#4 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 15 August 2012 - 05:41 PM

I don't notice anything that would cause the symptom.

Please download ComboFix.exe to your Desktop. Visit this webpage for download links, and instructions for running the tool:
how-to-use-combofix. Be sure to read the whole page and note the graphics so you know what to expect.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review, and let me know what problems remain. If ComboFix caused any error message, rebooting again should fix it.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#5 krtate

krtate

    Advanced Member

  • Full Member
  • 171 posts

Posted 15 August 2012 - 06:41 PM

ComboFix 12-08-15.01 - KEKLR 08/15/2012 20:06:26.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2492 [GMT -4:00]
Running from: c:\users\KEKLR\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\KEKLR\AppData\Local\Temp\{68925D88-FE32-42A4-AB5D-619E8E111A03}\fpb.tmp
c:\users\Public\videos\HP MediaSmart Demo.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 00:16 . 2012-08-16 00:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 23:05 . 2012-08-15 23:05 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-15 23:05 . 2012-08-15 23:05 -------- d-----w- c:\program files (x86)\Oracle
2012-08-15 23:05 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F5CCB3D-01FA-4851-97F4-142F9F5B66EF}\mpengine.dll
2012-08-15 23:05 . 2012-07-06 02:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-15 23:04 . 2012-08-15 23:04 -------- d-----w- c:\program files (x86)\Java
2012-08-15 23:04 . 2012-08-15 23:04 -------- d-----w- c:\programdata\McAfee
2012-08-15 01:26 . 2009-06-30 14:37 33800 ----a-w- c:\windows\system32\drivers\pavboot64.sys
2012-08-14 10:16 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-13 04:21 . 2012-08-13 04:21 -------- d-----w- c:\users\KEKLR\AppData\Roaming\SUPERAntiSpyware.com
2012-08-13 03:50 . 2012-08-13 03:50 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-08-13 03:50 . 2012-08-13 03:50 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-08-02 01:21 . 2012-08-13 04:04 -------- d-----w- c:\users\KEKLR\AppData\Local\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 23:45 . 2012-03-29 13:12 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 23:45 . 2011-05-19 16:44 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-14 13:42 . 2010-01-03 19:16 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-06 02:06 . 2010-04-17 16:17 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 17:46 . 2010-01-19 12:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 03:08 . 2012-07-14 13:45 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-14 12:04 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-14 12:04 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-14 12:04 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-14 12:03 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-14 12:04 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-14 12:04 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-14 12:04 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 00:57 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 00:57 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 00:57 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 00:57 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 00:57 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 00:57 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 00:57 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 00:57 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 00:57 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-14 13:40 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-14 13:40 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-14 13:40 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-14 13:40 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-14 13:40 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-14 13:40 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-14 13:40 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-14 13:40 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-14 13:40 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-14 13:40 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-14 13:40 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-14 13:40 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-14 13:40 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-14 13:40 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-14 13:40 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-14 13:40 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-14 13:40 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-14 13:40 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-14 13:40 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-14 12:04 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-14 12:04 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-14 12:04 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-14 12:04 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-14 12:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-14 12:04 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-14 12:04 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-14 12:04 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-14 12:04 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-30 1689144]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-11-20 2363392]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-16 39408]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-16 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-16 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-13 113120]
R3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [2009-07-20 7058432]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-13 233472]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [2009-06-30 33800]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-08-11 91864]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-01-13 139264]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-11-20 18:28 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 23:45]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-16 10:40]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-16 10:40]
.
2012-08-13 c:\windows\Tasks\HPCeeScheduleForKEKLR.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 365592]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.c...lt&ltmplcache=2
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 204.186.80.229 216.144.187.101 216.144.187.199
FF - ProfilePath - c:\users\KEKLR\AppData\Roaming\Mozilla\Firefox\Profiles\rtqcgnqa.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym&rl=1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
AddRemove-Circuit Construction Kit (DC Only) - c:\windows\system32\javaws.exe
AddRemove-Energy Skate Park - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\r*]%]
"Successes"=dword:c0000000
"Failures"=dword:c0000003
"{AFE4A105-7E52-4CB0-9CAE-18A1828C5361}"=hex:00,14,bf,da,45,3d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-15 20:34:01
ComboFix-quarantined-files.txt 2012-08-16 00:33
.
Pre-Run: 238,895,407,104 bytes free
Post-Run: 239,601,377,280 bytes free
.
- - End Of File - - 1DB1CEC683533DD858FA85DE5784B465

#6 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 15 August 2012 - 08:02 PM

Still no culprit seen.

Please do this. Copy the following text exactly, into a new Notepad file.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=hex(3):00,00,00,00

In Notepad, do 'Save As'. Set All types (*.*) and save the file as SaveDesktop.reg (or anything ending in .reg).

Navigate to the .reg file, double-click it, answer YES when asked if you want to merge.

You may need to reboot for this to take effect. Please let me know if it makes the icons stay put.
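A .reg file like the one in the post above can be checked offline before it is merged, to confirm it writes only the value it claims to. The following Python sketch is an added example, not part of the original thread: `parse_reg`, `review` and the tampered sample are names and data made up for illustration. A NoSaveSettings value of 0 lets Explorer save desktop settings at exit; a non-zero value tells it to discard them.

```python
import re
from collections import namedtuple

RegOp = namedtuple("RegOp", "action key name type data")

REG_TYPES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY",
             4: "REG_DWORD", 7: "REG_MULTI_SZ", 11: "REG_QWORD"}
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')
HEX_RE = re.compile(r'^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$')
EXPECTED_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
                r"\CurrentVersion\Policies\Explorer")

# Constructed input: the text from the post, as it would sit in SaveDesktop.reg.
SAVE_DESKTOP_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=hex(3):00,00,00,00
'''

# Constructed input: the same file with an extra autorun write added.
TAMPERED_REG = SAVE_DESKTOP_REG + r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Example"="C:\\Users\\Public\\example.exe"
'''

def _unquote(s):
    # Drop the surrounding quotes and undo .reg backslash escaping.
    return re.sub(r'\\(.)', r'\1', s[1:-1])

def _decode(key, name, data):
    """Turn the right-hand side of name=data into a typed RegOp."""
    if data == "-":
        return RegOp("delete-value", key, name, None, None)
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return RegOp("set", key, name, "REG_SZ", _unquote(data))
    if data.lower().startswith("dword:"):
        return RegOp("set", key, name, "REG_DWORD", int(data[6:], 16))
    m = HEX_RE.match(data)
    if m:
        # "hex:" is REG_BINARY; "hex(N):" carries the type number N in hex.
        type_id = int(m.group(1), 16) if m.group(1) else 3
        blob = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        type_name = REG_TYPES.get(type_id, "type %d" % type_id)
        return RegOp("set", key, name, type_name, blob)
    raise ValueError("unknown data format: %r" % data)

def parse_reg(text):
    """Return every registry change a .reg file would make, in order."""
    lines = text.replace("\r\n", "\n").split("\n")
    if lines[0].strip() not in HEADERS:
        raise ValueError("missing .reg header")
    ops, key, pending = [], None, ""
    for raw in lines[1:]:
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # hex data continues on the next line
            pending = line[:-1]
            continue
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):        # [-KEY] deletes the whole key
                ops.append(RegOp("delete-key", key[1:], None, None, None))
                key = None
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError("unparsed line: %r" % line)
        name = "(Default)" if m.group(1) == "@" else _unquote(m.group(1))
        ops.append(_decode(key, name, m.group(2)))
    return ops

def review(text, expected_key=EXPECTED_KEY, expected_name="NoSaveSettings"):
    """Return (policy_value, unexpected_ops) for a .reg file before merging."""
    policy, unexpected = None, []
    for op in parse_reg(text):
        wanted = (op.action == "set"
                  and op.key.lower() == expected_key.lower()
                  and op.name.lower() == expected_name.lower()
                  and op.type in ("REG_BINARY", "REG_DWORD"))
        if wanted:
            # Both types hold the flag as a little-endian integer.
            policy = (op.data if op.type == "REG_DWORD"
                      else int.from_bytes(op.data, "little"))
        else:
            unexpected.append(op)
    return policy, unexpected

if __name__ == "__main__":
    for label, text in (("as posted", SAVE_DESKTOP_REG),
                        ("tampered", TAMPERED_REG)):
        value, extra = review(text)
        print(label, "-> NoSaveSettings =", value, "| other writes:", len(extra))
        for op in extra:
            print("   ", op.action, op.key, op.name, op.data)
```
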

#7 krtate

krtate

    Advanced Member

  • Full Member
  • 171 posts

Posted 16 August 2012 - 04:13 AM

I pasted and saved as "All files" otherwise the option was *.txt. It was added to registry, but did not ask to merge and I did not have to reboot. Should I have turned off Microsoft Security Essentials first? Thank you

#8 krtate

krtate

    Advanced Member

  • Full Member
  • 171 posts

Posted 16 August 2012 - 04:53 AM

Icons stay in place now. Do you think it is best if I change my computer sign on password as it appeared the virus was labeled spyware.password? Thank you so much for your assistance.

#9 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 16 August 2012 - 10:30 AM

It would be wise to change any sensitive passwords, especially any financial ones such as PayPal or online banking. There is no way to tell whether the virus succeeded in transmitting your passwords before it was removed.

One more scan:
Please scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#10 krtate

krtate

    Advanced Member

  • Full Member
  • PipPipPip
  • 171 posts

Posted 17 August 2012 - 07:11 PM

C:\Users\KEKLR\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Users\KEKLR\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\41202640-456c1059 multiple threats deleted - quarantined

What type of trojan is this? Thank you

Edited by krtate, 17 August 2012 - 07:13 PM.


#11 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 17 August 2012 - 07:50 PM

I can't find much public information about it. Although it is said to not be very dangerous, it would be wise to change your passwords, especially financial ones.

I'm more concerned about the multiple threats deleted.

Please download tdsskiller.exe and save it to your Desktop. Go here for information.

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.


#12 krtate

krtate

    Advanced Member

  • Full Member
  • PipPipPip
  • 171 posts

Posted 18 August 2012 - 05:21 AM

If I remember correctly one scan included multiple threats of WIN64/SIREFEF.AA AND WIN32/SIREFEF.AN though I don't see it on any of the logs, but I did write it down as a reference. Before I posted my thread I also downloaded SuperAntiSpyware.com and scanned...and then when my icons were all rearranged, I deleted the program. Maybe that program found the above mentioned. Sorry, not sure now. Should Windows Defender be turned on with Microsoft Security Essentials, or will that interfere? Should I download SuperAntispyware program again or will it interfere with Microsoft Security Essentials? From reading other posts I notice you like Google Chrome. Please advise why you prefer Chrome. At one point I had AVG as antivirus. Then it started slowing my computer and I changed to Microsoft. I liked the fact that AVG would flag sites as safe. I miss that option, unless it really wasn't all that safe to begin with. Wish Security Essentials included flags like AVG. Thank you

07:02:23.0703 4316 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
07:02:24.0015 4316 ============================================================
07:02:24.0015 4316 Current date / time: 2012/08/18 07:02:24.0015
07:02:24.0015 4316 SystemInfo:
07:02:24.0015 4316
07:02:24.0015 4316 OS Version: 6.1.7601 ServicePack: 1.0
07:02:24.0015 4316 Product type: Workstation
07:02:24.0015 4316 ComputerName: KEKLR-PC
07:02:24.0015 4316 UserName: KEKLR
07:02:24.0015 4316 Windows directory: C:\Windows
07:02:24.0015 4316 System windows directory: C:\Windows
07:02:24.0015 4316 Running under WOW64
07:02:24.0015 4316 Processor architecture: Intel x64
07:02:24.0015 4316 Number of processors: 2
07:02:24.0015 4316 Page size: 0x1000
07:02:24.0015 4316 Boot type: Normal boot
07:02:24.0015 4316 ============================================================
07:02:25.0138 4316 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:02:25.0154 4316 ============================================================
07:02:25.0154 4316 \Device\Harddisk0\DR0:
07:02:25.0154 4316 MBR partitions:
07:02:25.0154 4316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
07:02:25.0154 4316 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23A58800
07:02:25.0154 4316 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23ABC800, BlocksNum 0x1971800
07:02:25.0154 4316 ============================================================
07:02:25.0170 4316 C: <-> \Device\Harddisk0\DR0\Partition2
07:02:25.0216 4316 D: <-> \Device\Harddisk0\DR0\Partition3
07:02:25.0216 4316 ============================================================
07:02:25.0216 4316 Initialize success
07:02:25.0216 4316 ============================================================
07:02:28.0726 3728 ============================================================
07:02:28.0726 3728 Scan started
07:02:28.0726 3728 Mode: Manual;
07:02:28.0726 3728 ============================================================
07:02:29.0553 3728 ================ Scan services =============================
07:02:29.0756 3728 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
07:02:29.0756 3728 1394ohci - ok
07:02:29.0818 3728 [ 3e2427d4966c7606097341e55ab4e105 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
07:02:29.0818 3728 Accelerometer - ok
07:02:29.0865 3728 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
07:02:29.0881 3728 ACPI - ok
07:02:29.0928 3728 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
07:02:29.0928 3728 AcpiPmi - ok
07:02:30.0037 3728 [ 62b7936f9036dd6ed36e6a7efa805dc0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
07:02:30.0052 3728 AdobeARMservice - ok
07:02:30.0177 3728 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
07:02:30.0177 3728 AdobeFlashPlayerUpdateSvc - ok
07:02:30.0240 3728 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
07:02:30.0240 3728 adp94xx - ok
07:02:30.0271 3728 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
07:02:30.0271 3728 adpahci - ok
07:02:30.0302 3728 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
07:02:30.0302 3728 adpu320 - ok
07:02:30.0333 3728 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
07:02:30.0333 3728 AeLookupSvc - ok
07:02:30.0442 3728 [ a6fb9db8f1a86861d955fd6975977ae0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
07:02:30.0442 3728 AESTFilters - ok
07:02:30.0474 3728 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys
07:02:30.0489 3728 AFD - ok
07:02:30.0536 3728 [ b65f8dba54f251906bbe8611b5a0e7ab ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
07:02:30.0536 3728 AgereModemAudio - ok
07:02:30.0583 3728 [ af4748ef93416159459769a24a0053af ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
07:02:30.0598 3728 AgereSoftModem - ok
07:02:30.0645 3728 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
07:02:30.0645 3728 agp440 - ok
07:02:30.0676 3728 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
07:02:30.0676 3728 ALG - ok
07:02:30.0708 3728 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys
07:02:30.0708 3728 aliide - ok
07:02:30.0723 3728 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys
07:02:30.0723 3728 amdide - ok
07:02:30.0754 3728 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
07:02:30.0754 3728 AmdK8 - ok
07:02:30.0786 3728 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
07:02:30.0786 3728 AmdPPM - ok
07:02:30.0801 3728 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
07:02:30.0801 3728 amdsata - ok
07:02:30.0832 3728 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
07:02:30.0848 3728 amdsbs - ok
07:02:30.0864 3728 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
07:02:30.0864 3728 amdxata - ok
07:02:30.0895 3728 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys
07:02:30.0895 3728 AppID - ok
07:02:30.0926 3728 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
07:02:30.0926 3728 AppIDSvc - ok
07:02:30.0973 3728 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll
07:02:30.0973 3728 Appinfo - ok
07:02:31.0004 3728 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\DRIVERS\arc.sys
07:02:31.0004 3728 arc - ok
07:02:31.0020 3728 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
07:02:31.0020 3728 arcsas - ok
07:02:31.0051 3728 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
07:02:31.0066 3728 AsyncMac - ok
07:02:31.0082 3728 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys
07:02:31.0082 3728 atapi - ok
07:02:31.0238 3728 [ 3efd964d52221360af0673cd61c2f4f5 ] atikmdag C:\Windows\system32\drivers\atikmdag.sys
07:02:31.0300 3728 atikmdag - ok
07:02:31.0363 3728 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:02:31.0378 3728 AudioEndpointBuilder - ok
07:02:31.0394 3728 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
07:02:31.0394 3728 AudioSrv - ok
07:02:31.0441 3728 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll
07:02:31.0456 3728 AxInstSV - ok
07:02:31.0488 3728 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
07:02:31.0503 3728 b06bdrv - ok
07:02:31.0550 3728 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
07:02:31.0550 3728 b57nd60a - ok
07:02:31.0581 3728 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
07:02:31.0581 3728 BDESVC - ok
07:02:31.0597 3728 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
07:02:31.0597 3728 Beep - ok
07:02:31.0659 3728 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\Windows\System32\bfe.dll
07:02:31.0675 3728 BFE - ok
07:02:31.0737 3728 [ 1ea7969e3271cbc59e1730697dc74682 ] BITS C:\Windows\system32\qmgr.dll
07:02:31.0753 3728 BITS - ok
07:02:31.0784 3728 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
07:02:31.0784 3728 blbdrive - ok
07:02:31.0815 3728 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
07:02:31.0831 3728 bowser - ok
07:02:31.0846 3728 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:02:31.0846 3728 BrFiltLo - ok
07:02:31.0862 3728 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:02:31.0862 3728 BrFiltUp - ok
07:02:31.0893 3728 [ 5c2f352a4e961d72518261257aae204b ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
07:02:31.0893 3728 BridgeMP - ok
07:02:31.0924 3728 [ 05f5a0d14a2ee1d8255c2aa0e9e8e694 ] Browser C:\Windows\System32\browser.dll
07:02:31.0940 3728 Browser - ok
07:02:31.0971 3728 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
07:02:31.0971 3728 Brserid - ok
07:02:31.0987 3728 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
07:02:31.0987 3728 BrSerWdm - ok
07:02:32.0002 3728 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
07:02:32.0002 3728 BrUsbMdm - ok
07:02:32.0018 3728 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
07:02:32.0018 3728 BrUsbSer - ok
07:02:32.0065 3728 [ cf98190a94f62e405c8cb255018b2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
07:02:32.0080 3728 BthEnum - ok
07:02:32.0112 3728 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
07:02:32.0112 3728 BTHMODEM - ok
07:02:32.0127 3728 [ 02dd601b708dd0667e1331fa8518e9ff ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
07:02:32.0143 3728 BthPan - ok
07:02:32.0158 3728 [ 738d0e9272f59eb7a1449c3ec118e6c4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
07:02:32.0190 3728 BTHPORT - ok
07:02:32.0221 3728 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
07:02:32.0221 3728 bthserv - ok
07:02:32.0252 3728 [ f188b7394d81010767b6df3178519a37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
07:02:32.0268 3728 BTHUSB - ok
07:02:32.0299 3728 [ 6bcfdc2b5b7f66d484486d4bd4b39a6b ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
07:02:32.0299 3728 btwaudio - ok
07:02:32.0330 3728 [ 82dc8b7c626e526681c1bebed2bc3ff9 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
07:02:32.0330 3728 btwavdt - ok
07:02:32.0377 3728 [ 17da11c703b8e86ac3df8f796a118aef ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
07:02:32.0392 3728 btwdins - ok
07:02:32.0408 3728 [ 6149301dc3f81d6f9667a3fbac410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
07:02:32.0408 3728 btwl2cap - ok
07:02:32.0424 3728 [ 28e105ad3b79f440bf94780f507bf66a ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
07:02:32.0424 3728 btwrchid - ok
07:02:32.0424 3728 catchme - ok
07:02:32.0470 3728 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
07:02:32.0470 3728 cdfs - ok
07:02:32.0517 3728 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
07:02:32.0517 3728 cdrom - ok
07:02:32.0564 3728 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll
07:02:32.0564 3728 CertPropSvc - ok
07:02:32.0595 3728 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys
07:02:32.0595 3728 circlass - ok
07:02:32.0642 3728 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
07:02:32.0642 3728 CLFS - ok
07:02:32.0704 3728 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:02:32.0704 3728 clr_optimization_v2.0.50727_32 - ok
07:02:32.0736 3728 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:02:32.0736 3728 clr_optimization_v2.0.50727_64 - ok
07:02:32.0814 3728 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:02:32.0814 3728 clr_optimization_v4.0.30319_32 - ok
07:02:32.0860 3728 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
07:02:32.0860 3728 clr_optimization_v4.0.30319_64 - ok
07:02:32.0876 3728 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
07:02:32.0876 3728 CmBatt - ok
07:02:32.0892 3728 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys
07:02:32.0892 3728 cmdide - ok
07:02:32.0938 3728 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys
07:02:32.0938 3728 CNG - ok
07:02:33.0016 3728 [ f9a79c5b27037821112c50a9c8fb367a ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
07:02:33.0016 3728 Com4QLBEx - ok
07:02:33.0048 3728 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
07:02:33.0048 3728 Compbatt - ok
07:02:33.0094 3728 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
07:02:33.0094 3728 CompositeBus - ok
07:02:33.0110 3728 COMSysApp - ok
07:02:33.0126 3728 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
07:02:33.0126 3728 crcdisk - ok
07:02:33.0172 3728 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
07:02:33.0172 3728 CryptSvc - ok
07:02:33.0235 3728 [ bf62ff663ae55e4ed99de76881c2c0f1 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
07:02:33.0266 3728 ctxusbm - ok
07:02:33.0313 3728 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll
07:02:33.0328 3728 DcomLaunch - ok
07:02:33.0360 3728 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
07:02:33.0360 3728 defragsvc - ok
07:02:33.0391 3728 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
07:02:33.0406 3728 DfsC - ok
07:02:33.0422 3728 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll
07:02:33.0422 3728 Dhcp - ok
07:02:33.0453 3728 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
07:02:33.0453 3728 discache - ok
07:02:33.0500 3728 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\DRIVERS\disk.sys
07:02:33.0500 3728 Disk - ok
07:02:33.0531 3728 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
07:02:33.0531 3728 Dnscache - ok
07:02:33.0562 3728 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll
07:02:33.0578 3728 dot3svc - ok
07:02:33.0609 3728 [ b42ed0320c6e41102fde0005154849bb ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
07:02:33.0625 3728 Dot4 - ok
07:02:33.0672 3728 [ e9f5969233c5d89f3c35e3a66a52a361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
07:02:33.0672 3728 Dot4Print - ok
07:02:33.0703 3728 [ fd05a02b0370bc3000f402e543ca5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
07:02:33.0703 3728 dot4usb - ok
07:02:33.0734 3728 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll
07:02:33.0734 3728 DPS - ok
07:02:33.0750 3728 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
07:02:33.0750 3728 drmkaud - ok
07:02:33.0812 3728 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
07:02:33.0828 3728 DXGKrnl - ok
07:02:33.0874 3728 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
07:02:33.0874 3728 EapHost - ok
07:02:33.0968 3728 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
07:02:34.0015 3728 ebdrv - ok
07:02:34.0046 3728 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe
07:02:34.0046 3728 EFS - ok
07:02:34.0108 3728 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
07:02:34.0124 3728 ehRecvr - ok
07:02:34.0155 3728 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
07:02:34.0155 3728 ehSched - ok
07:02:34.0202 3728 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
07:02:34.0218 3728 elxstor - ok
07:02:34.0249 3728 [ 524c79054636d2e5751169005006460b ] enecir C:\Windows\system32\DRIVERS\enecir.sys
07:02:34.0249 3728 enecir - ok
07:02:34.0280 3728 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys
07:02:34.0280 3728 ErrDev - ok
07:02:34.0342 3728 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
07:02:34.0342 3728 EventSystem - ok
07:02:34.0389 3728 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
07:02:34.0389 3728 exfat - ok
07:02:34.0405 3728 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
07:02:34.0420 3728 fastfat - ok
07:02:34.0467 3728 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe
07:02:34.0483 3728 Fax - ok
07:02:34.0498 3728 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys
07:02:34.0498 3728 fdc - ok
07:02:34.0514 3728 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
07:02:34.0514 3728 fdPHost - ok
07:02:34.0530 3728 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
07:02:34.0545 3728 FDResPub - ok
07:02:34.0561 3728 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
07:02:34.0561 3728 FileInfo - ok
07:02:34.0576 3728 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
07:02:34.0576 3728 Filetrace - ok
07:02:34.0576 3728 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
07:02:34.0576 3728 flpydisk - ok
07:02:34.0608 3728 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
07:02:34.0608 3728 FltMgr - ok
07:02:34.0670 3728 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll
07:02:34.0686 3728 FontCache - ok
07:02:34.0732 3728 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:02:34.0732 3728 FontCache3.0.0.0 - ok
07:02:34.0764 3728 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
07:02:34.0764 3728 FsDepends - ok
07:02:34.0795 3728 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
07:02:34.0795 3728 Fs_Rec - ok
07:02:34.0842 3728 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
07:02:34.0842 3728 fvevol - ok
07:02:34.0888 3728 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
07:02:34.0888 3728 gagp30kx - ok
07:02:34.0935 3728 [ c44d560e441f091ea3b72f778ec60de2 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
07:02:34.0951 3728 GameConsoleService - ok
07:02:34.0998 3728 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll
07:02:35.0013 3728 gpsvc - ok
07:02:35.0123 3728 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:02:35.0123 3728 gupdate - ok
07:02:35.0154 3728 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:02:35.0154 3728 gupdatem - ok
07:02:35.0185 3728 [ 5d4bc124faae6730ac002cdb67bf1a1c ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
07:02:35.0185 3728 gusvc - ok
07:02:35.0216 3728 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
07:02:35.0216 3728 hcw85cir - ok
07:02:35.0263 3728 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:02:35.0263 3728 HdAudAddService - ok
07:02:35.0310 3728 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
07:02:35.0310 3728 HDAudBus - ok
07:02:35.0325 3728 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
07:02:35.0341 3728 HidBatt - ok
07:02:35.0372 3728 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
07:02:35.0372 3728 HidBth - ok
07:02:35.0403 3728 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
07:02:35.0403 3728 HidIr - ok
07:02:35.0435 3728 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\System32\hidserv.dll
07:02:35.0435 3728 hidserv - ok
07:02:35.0450 3728 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
07:02:35.0450 3728 HidUsb - ok
07:02:35.0466 3728 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll
07:02:35.0481 3728 hkmsvc - ok
07:02:35.0497 3728 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll
07:02:35.0513 3728 HomeGroupListener - ok
07:02:35.0544 3728 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
07:02:35.0544 3728 HomeGroupProvider - ok
07:02:35.0622 3728 [ 13bb1114451c63bfb41ba7daa4d70a29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
07:02:35.0622 3728 HP Support Assistant Service - ok
07:02:35.0684 3728 [ bcc4a8b2e2e902f52e7f2e7d8e125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
07:02:35.0684 3728 HPDrvMntSvc.exe - ok
07:02:35.0715 3728 [ ccbe758967cc0f53f5ba3b271653c4e6 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
07:02:35.0715 3728 hpdskflt - ok
07:02:35.0809 3728 [ 0a3c6aa4a9fc38c20ba4eac2c3351c05 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
07:02:35.0809 3728 hpqcxs08 - ok
07:02:35.0825 3728 [ f3f72a2a86c22610bca5439fa789dd52 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
07:02:35.0840 3728 hpqddsvc - ok
07:02:35.0871 3728 [ 9af482d058be59cc28bce52e7c4b747c ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
07:02:35.0871 3728 HpqKbFiltr - ok
07:02:35.0918 3728 [ ec9739a46f1f83c6e52a7a4697f44a65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
07:02:35.0934 3728 hpqwmiex - ok
07:02:35.0996 3728 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
07:02:35.0996 3728 HpSAMD - ok
07:02:36.0012 3728 [ aa036cc5f5221d9b915f4d4dce74ba9a ] hpsrv C:\Windows\system32\Hpservice.exe
07:02:36.0012 3728 hpsrv - ok
07:02:36.0059 3728 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
07:02:36.0074 3728 HTTP - ok
07:02:36.0121 3728 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
07:02:36.0121 3728 hwpolicy - ok
07:02:36.0168 3728 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
07:02:36.0168 3728 i8042prt - ok
07:02:36.0230 3728 [ 7548066df68a8a1a56b043359f915f37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
07:02:36.0246 3728 IAANTMON - ok
07:02:36.0293 3728 [ 1d004cb1da6323b1f55caef7f94b61d9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
07:02:36.0293 3728 iaStor - ok
07:02:36.0324 3728 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
07:02:36.0339 3728 iaStorV - ok
07:02:36.0386 3728 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:02:36.0402 3728 idsvc - ok
07:02:36.0605 3728 [ 3c3f27002abc69c5afe29cbe6cf7addf ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
07:02:36.0683 3728 igfx - ok
07:02:36.0714 3728 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
07:02:36.0714 3728 iirsp - ok
07:02:36.0776 3728 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll
07:02:36.0792 3728 IKEEXT - ok
07:02:36.0870 3728 [ 88a20fa54c73ded4e8dac764e9130ae9 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
07:02:36.0870 3728 IntcHdmiAddService - ok
07:02:36.0901 3728 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys
07:02:36.0901 3728 intelide - ok
07:02:36.0932 3728 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
07:02:36.0932 3728 intelppm - ok
07:02:36.0963 3728 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
07:02:36.0963 3728 IPBusEnum - ok
07:02:36.0995 3728 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:02:36.0995 3728 IpFilterDriver - ok
07:02:37.0041 3728 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
07:02:37.0057 3728 iphlpsvc - ok
07:02:37.0104 3728 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
07:02:37.0104 3728 IPMIDRV - ok
07:02:37.0119 3728 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
07:02:37.0135 3728 IPNAT - ok
07:02:37.0151 3728 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
07:02:37.0151 3728 IRENUM - ok
07:02:37.0182 3728 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
07:02:37.0182 3728 isapnp - ok
07:02:37.0197 3728 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
07:02:37.0213 3728 iScsiPrt - ok
07:02:37.0260 3728 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
07:02:37.0260 3728 kbdclass - ok
07:02:37.0275 3728 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
07:02:37.0291 3728 kbdhid - ok
07:02:37.0291 3728 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe
07:02:37.0291 3728 KeyIso - ok
07:02:37.0338 3728 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
07:02:37.0338 3728 KSecDD - ok
07:02:37.0369 3728 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
07:02:37.0369 3728 KSecPkg - ok
07:02:37.0385 3728 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
07:02:37.0385 3728 ksthunk - ok
07:02:37.0416 3728 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
07:02:37.0416 3728 KtmRm - ok
07:02:37.0463 3728 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\System32\srvsvc.dll
07:02:37.0463 3728 LanmanServer - ok
07:02:37.0494 3728 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:02:37.0509 3728 LanmanWorkstation - ok
07:02:37.0587 3728 [ c2e324014d54daa2b5a4de47cb696fd8 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
07:02:37.0587 3728 LightScribeService - ok
07:02:37.0603 3728 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
07:02:37.0603 3728 lltdio - ok
07:02:37.0634 3728 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
07:02:37.0634 3728 lltdsvc - ok
07:02:37.0650 3728 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
07:02:37.0650 3728 lmhosts - ok
07:02:37.0697 3728 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
07:02:37.0697 3728 LSI_FC - ok
07:02:37.0712 3728 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
07:02:37.0712 3728 LSI_SAS - ok
07:02:37.0728 3728 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:02:37.0728 3728 LSI_SAS2 - ok
07:02:37.0743 3728 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:02:37.0743 3728 LSI_SCSI - ok
07:02:37.0775 3728 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
07:02:37.0775 3728 luafv - ok
07:02:37.0821 3728 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
07:02:37.0821 3728 Mcx2Svc - ok
07:02:37.0837 3728 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
07:02:37.0837 3728 megasas - ok
07:02:37.0868 3728 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
07:02:37.0868 3728 MegaSR - ok
07:02:37.0946 3728 Microsoft SharePoint Workspace Audit Service - ok
07:02:37.0977 3728 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
07:02:37.0977 3728 MMCSS - ok
07:02:37.0993 3728 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
07:02:37.0993 3728 Modem - ok
07:02:38.0024 3728 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
07:02:38.0024 3728 monitor - ok
07:02:38.0040 3728 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
07:02:38.0055 3728 mouclass - ok
07:02:38.0071 3728 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
07:02:38.0071 3728 mouhid - ok
07:02:38.0102 3728 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
07:02:38.0102 3728 mountmgr - ok
07:02:38.0165 3728 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
07:02:38.0180 3728 MozillaMaintenance - ok
07:02:38.0243 3728 [ 94c66ededcdb6a126880472f9a704d8e ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
07:02:38.0243 3728 MpFilter - ok
07:02:38.0289 3728 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys
07:02:38.0305 3728 mpio - ok
07:02:38.0321 3728 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
07:02:38.0336 3728 mpsdrv - ok
07:02:38.0383 3728 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll
07:02:38.0399 3728 MpsSvc - ok
07:02:38.0430 3728 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
07:02:38.0430 3728 MRxDAV - ok
07:02:38.0477 3728 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
07:02:38.0477 3728 mrxsmb - ok
07:02:38.0523 3728 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:02:38.0523 3728 mrxsmb10 - ok
07:02:38.0539 3728 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:02:38.0539 3728 mrxsmb20 - ok
07:02:38.0555 3728 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys
07:02:38.0555 3728 msahci - ok
07:02:38.0586 3728 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
07:02:38.0586 3728 msdsm - ok
07:02:38.0601 3728 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
07:02:38.0601 3728 MSDTC - ok
07:02:38.0633 3728 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
07:02:38.0633 3728 Msfs - ok
07:02:38.0664 3728 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
07:02:38.0664 3728 mshidkmdf - ok
07:02:38.0695 3728 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
07:02:38.0695 3728 msisadrv - ok
07:02:38.0726 3728 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
07:02:38.0726 3728 MSiSCSI - ok
07:02:38.0726 3728 msiserver - ok
07:02:38.0757 3728 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
07:02:38.0757 3728 MSKSSRV - ok
07:02:38.0851 3728 [ 59faaf2c83c8169ea20f9e335e418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
07:02:38.0851 3728 MsMpSvc - ok
07:02:38.0867 3728 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
07:02:38.0867 3728 MSPCLOCK - ok
07:02:38.0882 3728 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
07:02:38.0882 3728 MSPQM - ok
07:02:38.0913 3728 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
07:02:38.0929 3728 MsRPC - ok
07:02:38.0929 3728 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
07:02:38.0929 3728 mssmbios - ok
07:02:38.0945 3728 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
07:02:38.0945 3728 MSTEE - ok
07:02:38.0976 3728 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
07:02:38.0976 3728 MTConfig - ok
07:02:38.0991 3728 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
07:02:38.0991 3728 Mup - ok
07:02:39.0023 3728 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll
07:02:39.0023 3728 napagent - ok
07:02:39.0069 3728 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
07:02:39.0069 3728 NativeWifiP - ok
07:02:39.0132 3728 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\Windows\system32\drivers\ndis.sys
07:02:39.0147 3728 NDIS - ok
07:02:39.0163 3728 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
07:02:39.0163 3728 NdisCap - ok
07:02:39.0179 3728 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
07:02:39.0194 3728 NdisTapi - ok

Edited by krtate, 18 August 2012 - 05:54 AM.


#13 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 18 August 2012 - 10:06 AM

If I remember correctly one scan included multiple threats of WIN64/SIREFEF.AA AND WIN32/SIREFEF.AN though I don't see it on any of the logs, but I did write it down as a reference.

SIREFEF was a dangerous infection but seems to be all gone.

Before I posted my thread I also downloaded SuperAntiSpyware.com and scanned...and then when my icons were all rearranged, I deleted the program. Maybe that program found the above mentioned. Sorry, not sure now. Should Windows Defender be turned on with Microsoft Security Essentials, or will that interfere? Should I download SuperAntispyware program again or will it interfere with Microsoft Security Essentials?

Microsoft creates maximal confusion with their file naming. The original Windows Defender replaced Windows Antispyware and was in turn replaced by Security Essentials (MSE), which turns off Defender; then they came up with Windows Defender Offline to run from a CD. Anyway Security Essentials is good protection. SuperAntiSpyware (SAS) is a good program but not needed if you have Malwarebytes Anti-Malware (MBAM). You can run SAS occasionally as a supplement. MSE doesn't interfere with either MBAM or SAS.

From reading other posts I notice you like Google Chrome. Please advise why you prefer Chrome. At one point I had AVG as antivirus. Then it started slowing my computer and I changed to Microsoft. I liked the fact that AVG would flag sites as safe. I miss that option, unless it really wasn't all that safe to begin with. Wish Security Essentials included flags like AVG.

Chrome loads much faster than either IE or Firefox and unlike IE displays all web pages correctly. It warns you about dangerous sites: see http://support.googl...en&answer=99020

Assuming that you updated your Java, you are in good shape. You could consider installing the free version of Avast - I run it along with MSE. It is a very effective real time malware detector / blocker and doesn't interfere with MSE. I like its provision for temporarily turning off its 8 shields.

If you are not seeing anything amiss, I'll give instructions for removing our tools in my next reply.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#14 krtate

krtate

    Advanced Member

  • Full Member
  • PipPipPip
  • 171 posts

Posted 18 August 2012 - 11:57 AM

I appreciate all your help though I am a little nervous not knowing for sure if anything is lurking behind the scenes after reading details on Win32/Sirefef. Malwarebytes also has FileASSASSIN to delete locked files. Never used it before, is that something I should consider? Thank you

#15 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 18 August 2012 - 12:31 PM

The only locks we found were locked Registry keys, and those all seemed to belong to Flash player. You can use FileASSASSIN if you are trying to delete a file and get "Access denied".

Cleanup:

Start > Run and enter 'combofix /uninstall'. Note the space after 'combofix'. Among other things your Restore Points will be purged and a new clean one created.

Delete the DDS files and Security Check folder from your Desktop. Also TDSSKiller.
You can optionally uninstall ESET via Control Panel.

Advice for malware prevention:

Configure Windows to do automatic updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Keep MalwareBytes Anti-Malware updated and run it whenever you suspect a problem.

The free FileHippo Update Checker makes it easy to keep all your programs up to date - run it every few weeks.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.systemloo...p?type=filename

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the rogues mentioned above.

For much more old but still useful information, read Tony Klein's excellent article: How did I get infected in the first place

I'll keep this thread open for a few days in case you have other questions..

#16 krtate

krtate

    Advanced Member

  • Full Member
  • PipPipPip
  • 171 posts

Posted 18 August 2012 - 01:22 PM

My laptop is on a wireless connection. I have a router hooked up to the main computer. I also have all the same programs loaded on that computer too, Malwarebytes, Security Essentials, and I also have SpywareBlaster on that one too. Keep them all updated regularly and run scans. Could the virus I had on my laptop cause a problem with the other computer? Thank you

#17 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 18 August 2012 - 02:28 PM

If you share folders between the two or synchronize files via the cloud then infection could be shared.

Just connecting both to the router doesn't establish any file connection between them.

#18 krtate

krtate

    Advanced Member

  • Full Member
  • PipPipPip
  • 171 posts

Posted 18 August 2012 - 04:45 PM

I just ran TrendMicro HouseCall and it just fixed Mal Xin12. Heuristic Detection


This is the Trend Micro heuristic detection for suspicious files that manifest similar behavior and characteristics as the following malware:
•TROJ_SIREFEF

Attached File  Mal Xin12.png   94.06KB   147 downloads

Edited by krtate, 18 August 2012 - 04:54 PM.


#19 krtate

krtate

    Advanced Member

  • Full Member
  • PipPipPip
  • 171 posts

Posted 18 August 2012 - 05:03 PM

I copied this from Trend Micro site ***added in regards to ( TROJ_SIREFEF )
Arrival Details

This Trojan may arrive bundled with malware packages as a malware component.

It may arrive as a file that exports functions used by other malware.

It may be dropped by other malware.

Autostart Technique

This Trojan adds the following registry entries to enable its automatic execution at every system startup:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Control\Session Manager\SubSystems
{random} = "{malware path and file name}"

Edited by krtate, 18 August 2012 - 05:14 PM.


#20 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 18 August 2012 - 05:41 PM

TrendMicro thinks it acts like TROJ_SIREFEF. http://about-threats...lware/mal_xin12
Heuristic detection gives many false positives; the file is not necessarily actual malware. Reliable scans have found no SIREFEF remnants on your PC.

I am noticing the odd appearance of the "H" in the "Trend Micro HouseCall" title of the window frame in your screen shot. The bad "H" in "HouseCall" makes me suspicious. Did it really look like that? I'm thinking it might be a fake. If it really has that bad "H" please do this:

Find this file in your download folder:
HousecallLauncher64.exe
Please go to http://www.virustotal.com click on 'Choose file', and send the following file/s for analysis: You will only be able to have one file scanned at a time.

HousecallLauncher64.exe

After you click 'Send file', allow the file to be scanned, and then please post a link to the results page here for me.

#21 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 18 August 2012 - 06:18 PM

After you read my post above and check on HouseCall:

Clear Java cache:
To clear the Java Runtime Environment (JRE) cache:
  • Click Start > Control Panel.
  • Double-click the Java icon in the control panel. -The Java Control Panel appears.
  • Click Settings under Temporary Internet Files. -The Temporary Files Settings dialog box appears.
  • Click Delete Files. -The Delete Temporary Files dialog box appears. -There are three options on this window to clear the cache.
    • Delete Files
    • View Applications
    • View Applets
  • Click OK on Delete Temporary Files window. -Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click OK on Temporary Files Settings window.
  • Close the Java Control Panel
You can view those instructions along with graphics Here

Rerun TDSSKiller:
Also - I notice that the TDSSKiller log you posted was truncated. Can you please post the full log? The end of the log is the most important part and you can just post the last 20 lines or so.
Please download tdsskiller.exe and save it to your Desktop. Go here for information.

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

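In its service scan, a TDSSKiller report writes a hash-and-path line followed by a verdict line for each service, and a paste that stops mid-line loses the end of the report. The Python below is an added example (not part of any post in this thread and not the tool's own code): it parses that layout and lists entries whose verdict is not "ok", entries with no hash line, and signs of truncation. The sample lines, the hashes, `ExampleSvc` and its `flagged` verdict are constructed, and ending the section at the next `=` separator line is an assumption about the log layout.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of a TDSSKiller report; the hashes, ExampleSvc
# and its "flagged" verdict are made up. The last line is cut off, as in a
# truncated paste.
SAMPLE_LOG = r"""
20:38:13.0013 1752 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb)
20:38:17.0256 4484 ================ Scan services =============================
20:38:17.0412 4484 [ 11111111111111111111111111111111 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:38:17.0412 4484 1394ohci - ok
20:38:17.0490 4484 [ 22222222222222222222222222222222 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
20:38:17.0490 4484 Net Driver HPZ12 - ok
20:38:17.0537 4484 RtsUIR - ok
20:38:17.0584 4484 [ 33333333333333333333333333333333 ] ExampleSvc C:\Users\Public\example.dll
20:38:17.0584 4484 ExampleSvc - flagged
20:38:17.0693 4484 [ 44444444444444444444444444444444 ] SysMain C:\Windows\system32\sysmain.dll
20
"""

# A complete line starts with "HH:MM:SS.mmmm <thread id>", optionally followed by text.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+(?:\s+(.*))?$")
# "[ <md5> ] <service name> <path>": names may contain spaces, paths start at a drive letter.
HASHED = re.compile(r"^\[\s*([0-9a-f]{32})\s*\]\s+(.+?)\s+([A-Za-z]:\\.+)$")
# "<service name> - <verdict>"
VERDICT = re.compile(r"^(.+?)\s+-\s+(\S.*)$")


@dataclass
class ServiceScan:
    services: dict = field(default_factory=dict)  # name -> md5, path, verdict
    unparsed: list = field(default_factory=list)  # lines lacking the timestamp prefix

    def not_ok(self):
        """Services whose verdict is present but is anything other than 'ok'."""
        return [n for n, s in self.services.items() if s["verdict"] not in (None, "ok")]

    def unhashed(self):
        """Services that got a verdict although no hash/path line was logged."""
        return [n for n, s in self.services.items() if s["md5"] is None]

    def no_verdict(self):
        """Services whose hash line was never followed by a verdict."""
        return [n for n, s in self.services.items() if s["verdict"] is None]

    def truncated(self):
        """True when the paste shows a broken line or an entry without its verdict."""
        return bool(self.unparsed or self.no_verdict())


def parse_service_scan(text):
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    # Start after the "Scan services" banner; a pasted tail without it is parsed whole.
    start = next((i + 1 for i, ln in enumerate(lines) if "Scan services" in ln), 0)
    scan = ServiceScan()
    for ln in lines[start:]:
        m = PREFIX.match(ln)
        if not m:
            scan.unparsed.append(ln)
            continue
        body = (m.group(1) or "").strip()
        if body.startswith("="):  # assumed: a separator line ends the section
            break
        hashed = HASHED.match(body)
        if hashed:
            md5, name, path = hashed.groups()
            scan.services[name] = {"md5": md5, "path": path, "verdict": None}
            continue
        verdict = VERDICT.match(body)
        if verdict:
            name, result = verdict.groups()
            entry = scan.services.setdefault(
                name, {"md5": None, "path": None, "verdict": None})
            entry["verdict"] = result.strip()
    return scan


if __name__ == "__main__":
    scan = parse_service_scan(SAMPLE_LOG)
    print("not ok:    ", scan.not_ok())
    print("no hash:   ", scan.unhashed())
    print("no verdict:", scan.no_verdict())
    print("truncated: ", scan.truncated())
```
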

#22 krtate

krtate

    Advanced Member

  • Full Member
  • PipPipPip
  • 171 posts

Posted 18 August 2012 - 06:39 PM

The H looked fine on HouseCall screen.

20:38:11.0827 1752 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
20:38:12.0124 1752 ============================================================
20:38:12.0124 1752 Current date / time: 2012/08/18 20:38:12.0124
20:38:12.0124 1752 SystemInfo:
20:38:12.0124 1752
20:38:12.0124 1752 OS Version: 6.1.7601 ServicePack: 1.0
20:38:12.0124 1752 Product type: Workstation
20:38:12.0124 1752 ComputerName: KEKLR-PC
20:38:12.0124 1752 UserName: KEKLR
20:38:12.0124 1752 Windows directory: C:\Windows
20:38:12.0124 1752 System windows directory: C:\Windows
20:38:12.0124 1752 Running under WOW64
20:38:12.0124 1752 Processor architecture: Intel x64
20:38:12.0124 1752 Number of processors: 2
20:38:12.0124 1752 Page size: 0x1000
20:38:12.0124 1752 Boot type: Normal boot
20:38:12.0124 1752 ============================================================
20:38:13.0013 1752 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:38:13.0107 1752 ============================================================
20:38:13.0107 1752 \Device\Harddisk0\DR0:
20:38:13.0107 1752 MBR partitions:
20:38:13.0107 1752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:38:13.0107 1752 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23A58800
20:38:13.0107 1752 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23ABC800, BlocksNum 0x1971800
20:38:13.0107 1752 ============================================================
20:38:13.0122 1752 C: <-> \Device\Harddisk0\DR0\Partition2
20:38:13.0231 1752 D: <-> \Device\Harddisk0\DR0\Partition3
20:38:13.0231 1752 ============================================================
20:38:13.0231 1752 Initialize success
20:38:13.0231 1752 ============================================================
20:38:17.0038 4484 ============================================================
20:38:17.0038 4484 Scan started
20:38:17.0038 4484 Mode: Manual;
20:38:17.0038 4484 ============================================================
20:38:17.0256 4484 ================ Scan services =============================
20:38:19.0425 4484 BFE - ok
20:38:19.0472 4484 [ 1ea7969e3271cbc59e1730697dc74682 ] BITS C:\Windows\system32\qmgr.dll
20:38:19.0487 4484 BITS - ok
20:38:19.0518 4484 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:38:19.0518 4484 blbdrive - ok
20:38:19.0550 4484 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:38:19.0550 4484 bowser - ok
20:38:19.0581 4484 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:38:19.0581 4484 BrFiltLo - ok
20:38:19.0596 4484 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:38:19.0596 4484 BrFiltUp - ok
20:38:19.0628 4484 [ 5c2f352a4e961d72518261257aae204b ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
20:38:19.0628 4484 BridgeMP - ok
20:38:19.0659 4484 [ 05f5a0d14a2ee1d8255c2aa0e9e8e694 ] Browser C:\Windows\System32\browser.dll
20:38:19.0659 4484 Browser - ok
20:38:19.0690 4484 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:38:19.0690 4484 Brserid - ok
20:38:19.0706 4484 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:38:19.0706 4484 BrSerWdm - ok
20:38:19.0721 4484 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:38:19.0721 4484 BrUsbMdm - ok
20:38:19.0737 4484 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:38:19.0737 4484 BrUsbSer - ok
20:38:19.0768 4484 [ cf98190a94f62e405c8cb255018b2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
20:38:19.0768 4484 BthEnum - ok
20:38:19.0784 4484 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:38:19.0784 4484 BTHMODEM - ok
20:38:19.0815 4484 [ 02dd601b708dd0667e1331fa8518e9ff ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
20:38:19.0815 4484 BthPan - ok
20:38:19.0846 4484 [ 738d0e9272f59eb7a1449c3ec118e6c4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
20:38:19.0846 4484 BTHPORT - ok
20:38:19.0877 4484 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
20:38:19.0893 4484 bthserv - ok
20:38:19.0908 4484 [ f188b7394d81010767b6df3178519a37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
20:38:19.0908 4484 BTHUSB - ok
20:38:19.0940 4484 [ 6bcfdc2b5b7f66d484486d4bd4b39a6b ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
20:38:19.0940 4484 btwaudio - ok
20:38:19.0955 4484 [ 82dc8b7c626e526681c1bebed2bc3ff9 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
20:38:19.0955 4484 btwavdt - ok
20:38:20.0002 4484 [ 17da11c703b8e86ac3df8f796a118aef ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
20:38:20.0018 4484 btwdins - ok
20:38:20.0018 4484 [ 6149301dc3f81d6f9667a3fbac410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
20:38:20.0018 4484 btwl2cap - ok
20:38:20.0033 4484 [ 28e105ad3b79f440bf94780f507bf66a ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
20:38:20.0033 4484 btwrchid - ok
20:38:20.0049 4484 catchme - ok
20:38:20.0080 4484 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:38:20.0080 4484 cdfs - ok
20:38:20.0142 4484 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
20:38:20.0142 4484 cdrom - ok
20:38:20.0174 4484 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll
20:38:20.0174 4484 CertPropSvc - ok
20:38:20.0220 4484 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:38:20.0220 4484 circlass - ok
20:38:20.0252 4484 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
20:38:20.0267 4484 CLFS - ok
20:38:20.0314 4484 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:38:20.0314 4484 clr_optimization_v2.0.50727_32 - ok
20:38:20.0361 4484 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:38:20.0361 4484 clr_optimization_v2.0.50727_64 - ok
20:38:20.0439 4484 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:38:20.0439 4484 clr_optimization_v4.0.30319_32 - ok
20:38:20.0470 4484 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:38:20.0486 4484 clr_optimization_v4.0.30319_64 - ok
20:38:20.0501 4484 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:38:20.0501 4484 CmBatt - ok
20:38:20.0517 4484 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:38:20.0517 4484 cmdide - ok
20:38:20.0564 4484 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys
20:38:20.0564 4484 CNG - ok
20:38:20.0642 4484 [ f9a79c5b27037821112c50a9c8fb367a ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
20:38:20.0642 4484 Com4QLBEx - ok
20:38:20.0657 4484 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:38:20.0657 4484 Compbatt - ok
20:38:20.0688 4484 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:38:20.0704 4484 CompositeBus - ok
20:38:20.0704 4484 COMSysApp - ok
20:38:20.0735 4484 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:38:20.0735 4484 crcdisk - ok
20:38:20.0782 4484 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:38:20.0782 4484 CryptSvc - ok
20:38:20.0829 4484 [ bf62ff663ae55e4ed99de76881c2c0f1 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
20:38:20.0844 4484 ctxusbm - ok
20:38:20.0876 4484 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:38:20.0891 4484 DcomLaunch - ok
20:38:20.0922 4484 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
20:38:20.0938 4484 defragsvc - ok
20:38:20.0969 4484 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:38:20.0969 4484 DfsC - ok
20:38:21.0016 4484 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll
20:38:21.0016 4484 Dhcp - ok
20:38:21.0047 4484 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
20:38:21.0047 4484 discache - ok
20:38:21.0078 4484 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:38:21.0078 4484 Disk - ok
20:38:21.0110 4484 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:38:21.0110 4484 Dnscache - ok
20:38:21.0156 4484 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:38:21.0156 4484 dot3svc - ok
20:38:21.0219 4484 [ b42ed0320c6e41102fde0005154849bb ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
20:38:21.0234 4484 Dot4 - ok
20:38:21.0266 4484 [ e9f5969233c5d89f3c35e3a66a52a361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
20:38:21.0266 4484 Dot4Print - ok
20:38:21.0297 4484 [ fd05a02b0370bc3000f402e543ca5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
20:38:21.0297 4484 dot4usb - ok
20:38:21.0344 4484 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll
20:38:21.0344 4484 DPS - ok
20:38:21.0359 4484 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:38:21.0359 4484 drmkaud - ok
20:38:21.0437 4484 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:38:21.0468 4484 DXGKrnl - ok
20:38:21.0515 4484 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:38:21.0515 4484 EapHost - ok
20:38:21.0593 4484 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
20:38:21.0640 4484 ebdrv - ok
20:38:21.0671 4484 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe
20:38:21.0671 4484 EFS - ok
20:38:21.0734 4484 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:38:21.0749 4484 ehRecvr - ok
20:38:21.0780 4484 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
20:38:21.0780 4484 ehSched - ok
20:38:21.0827 4484 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:38:21.0843 4484 elxstor - ok
20:38:21.0858 4484 [ 524c79054636d2e5751169005006460b ] enecir C:\Windows\system32\DRIVERS\enecir.sys
20:38:21.0858 4484 enecir - ok
20:38:21.0905 4484 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:38:21.0905 4484 ErrDev - ok
20:38:21.0952 4484 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
20:38:21.0952 4484 EventSystem - ok
20:38:21.0983 4484 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
20:38:21.0999 4484 exfat - ok
20:38:22.0014 4484 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:38:22.0014 4484 fastfat - ok
20:38:22.0061 4484 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe
20:38:22.0061 4484 Fax - ok
20:38:22.0077 4484 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:38:22.0092 4484 fdc - ok
20:38:22.0108 4484 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:38:22.0108 4484 fdPHost - ok
20:38:22.0139 4484 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:38:22.0155 4484 FDResPub - ok
20:38:22.0170 4484 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:38:22.0170 4484 FileInfo - ok
20:38:22.0186 4484 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:38:22.0186 4484 Filetrace - ok
20:38:22.0202 4484 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:38:22.0202 4484 flpydisk - ok
20:38:22.0217 4484 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:38:22.0233 4484 FltMgr - ok
20:38:22.0280 4484 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll
20:38:22.0295 4484 FontCache - ok
20:38:22.0358 4484 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:38:22.0358 4484 FontCache3.0.0.0 - ok
20:38:22.0389 4484 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:38:22.0389 4484 FsDepends - ok
20:38:22.0420 4484 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:38:22.0420 4484 Fs_Rec - ok
20:38:22.0482 4484 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:38:22.0482 4484 fvevol - ok
20:38:22.0514 4484 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:38:22.0514 4484 gagp30kx - ok
20:38:22.0576 4484 [ c44d560e441f091ea3b72f778ec60de2 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
20:38:22.0576 4484 GameConsoleService - ok
20:38:22.0623 4484 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll
20:38:22.0638 4484 gpsvc - ok
20:38:22.0732 4484 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:38:22.0732 4484 gupdate - ok
20:38:22.0763 4484 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:38:22.0763 4484 gupdatem - ok
20:38:22.0794 4484 [ 5d4bc124faae6730ac002cdb67bf1a1c ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:38:22.0794 4484 gusvc - ok
20:38:22.0826 4484 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:38:22.0826 4484 hcw85cir - ok
20:38:22.0872 4484 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:38:22.0872 4484 HdAudAddService - ok
20:38:22.0935 4484 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:38:22.0935 4484 HDAudBus - ok
20:38:22.0966 4484 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:38:22.0966 4484 HidBatt - ok
20:38:23.0013 4484 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:38:23.0013 4484 HidBth - ok
20:38:23.0044 4484 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:38:23.0044 4484 HidIr - ok
20:38:23.0075 4484 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\System32\hidserv.dll
20:38:23.0075 4484 hidserv - ok
20:38:23.0091 4484 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:38:23.0091 4484 HidUsb - ok
20:38:23.0138 4484 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:38:23.0138 4484 hkmsvc - ok
20:38:23.0184 4484 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:38:23.0184 4484 HomeGroupListener - ok
20:38:23.0231 4484 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:38:23.0231 4484 HomeGroupProvider - ok
20:38:23.0325 4484 [ 13bb1114451c63bfb41ba7daa4d70a29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
20:38:23.0325 4484 HP Support Assistant Service - ok
20:38:23.0387 4484 [ bcc4a8b2e2e902f52e7f2e7d8e125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
20:38:23.0387 4484 HPDrvMntSvc.exe - ok
20:38:23.0418 4484 [ ccbe758967cc0f53f5ba3b271653c4e6 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
20:38:23.0418 4484 hpdskflt - ok
20:38:23.0496 4484 [ 0a3c6aa4a9fc38c20ba4eac2c3351c05 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
20:38:23.0512 4484 hpqcxs08 - ok
20:38:23.0543 4484 [ f3f72a2a86c22610bca5439fa789dd52 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
20:38:23.0543 4484 hpqddsvc - ok
20:38:23.0590 4484 [ 9af482d058be59cc28bce52e7c4b747c ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
20:38:23.0590 4484 HpqKbFiltr - ok
20:38:23.0637 4484 [ ec9739a46f1f83c6e52a7a4697f44a65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
20:38:23.0652 4484 hpqwmiex - ok
20:38:23.0715 4484 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:38:23.0715 4484 HpSAMD - ok
20:38:23.0730 4484 [ aa036cc5f5221d9b915f4d4dce74ba9a ] hpsrv C:\Windows\system32\Hpservice.exe
20:38:23.0730 4484 hpsrv - ok
20:38:23.0777 4484 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:38:23.0793 4484 HTTP - ok
20:38:23.0824 4484 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:38:23.0824 4484 hwpolicy - ok
20:38:23.0871 4484 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:38:23.0871 4484 i8042prt - ok
20:38:23.0964 4484 [ 7548066df68a8a1a56b043359f915f37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
20:38:23.0964 4484 IAANTMON - ok
20:38:23.0996 4484 [ 1d004cb1da6323b1f55caef7f94b61d9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
20:38:23.0996 4484 iaStor - ok
20:38:24.0027 4484 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:38:24.0027 4484 iaStorV - ok
20:38:24.0105 4484 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:38:24.0120 4484 idsvc - ok
20:38:24.0323 4484 [ 3c3f27002abc69c5afe29cbe6cf7addf ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
20:38:24.0432 4484 igfx - ok
20:38:24.0464 4484 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:38:24.0464 4484 iirsp - ok
20:38:24.0510 4484 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll
20:38:24.0526 4484 IKEEXT - ok
20:38:24.0588 4484 [ 88a20fa54c73ded4e8dac764e9130ae9 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
20:38:24.0604 4484 IntcHdmiAddService - ok
20:38:24.0635 4484 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys
20:38:24.0635 4484 intelide - ok
20:38:24.0666 4484 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:38:24.0682 4484 intelppm - ok
20:38:24.0713 4484 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:38:24.0713 4484 IPBusEnum - ok
20:38:24.0744 4484 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:38:24.0744 4484 IpFilterDriver - ok
20:38:24.0791 4484 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:38:24.0807 4484 iphlpsvc - ok
20:38:24.0854 4484 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:38:24.0854 4484 IPMIDRV - ok
20:38:24.0869 4484 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:38:24.0885 4484 IPNAT - ok
20:38:24.0900 4484 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:38:24.0900 4484 IRENUM - ok
20:38:24.0932 4484 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:38:24.0932 4484 isapnp - ok
20:38:24.0947 4484 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:38:24.0963 4484 iScsiPrt - ok
20:38:25.0010 4484 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
20:38:25.0010 4484 kbdclass - ok
20:38:25.0025 4484 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:38:25.0041 4484 kbdhid - ok
20:38:25.0056 4484 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe
20:38:25.0056 4484 KeyIso - ok
20:38:25.0088 4484 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:38:25.0088 4484 KSecDD - ok
20:38:25.0119 4484 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:38:25.0134 4484 KSecPkg - ok
20:38:25.0150 4484 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:38:25.0150 4484 ksthunk - ok
20:38:25.0181 4484 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
20:38:25.0181 4484 KtmRm - ok
20:38:25.0228 4484 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\System32\srvsvc.dll
20:38:25.0228 4484 LanmanServer - ok
20:38:25.0259 4484 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:38:25.0275 4484 LanmanWorkstation - ok
20:38:25.0353 4484 [ c2e324014d54daa2b5a4de47cb696fd8 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:38:25.0353 4484 LightScribeService - ok
20:38:25.0368 4484 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:38:25.0368 4484 lltdio - ok
20:38:25.0400 4484 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:38:25.0400 4484 lltdsvc - ok
20:38:25.0431 4484 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:38:25.0431 4484 lmhosts - ok
20:38:25.0462 4484 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:38:25.0462 4484 LSI_FC - ok
20:38:25.0478 4484 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:38:25.0493 4484 LSI_SAS - ok
20:38:25.0509 4484 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:38:25.0509 4484 LSI_SAS2 - ok
20:38:25.0524 4484 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:38:25.0524 4484 LSI_SCSI - ok
20:38:25.0556 4484 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
20:38:25.0571 4484 luafv - ok
20:38:25.0602 4484 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:38:25.0602 4484 Mcx2Svc - ok
20:38:25.0618 4484 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:38:25.0634 4484 megasas - ok
20:38:25.0649 4484 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:38:25.0665 4484 MegaSR - ok
20:38:25.0743 4484 Microsoft SharePoint Workspace Audit Service - ok
20:38:25.0774 4484 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
20:38:25.0774 4484 MMCSS - ok
20:38:25.0790 4484 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:38:25.0790 4484 Modem - ok
20:38:25.0821 4484 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:38:25.0821 4484 monitor - ok
20:38:25.0836 4484 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:38:25.0836 4484 mouclass - ok
20:38:25.0852 4484 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:38:25.0852 4484 mouhid - ok
20:38:25.0899 4484 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:38:25.0899 4484 mountmgr - ok
20:38:25.0977 4484 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:38:25.0977 4484 MozillaMaintenance - ok
20:38:26.0039 4484 [ 94c66ededcdb6a126880472f9a704d8e ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
20:38:26.0039 4484 MpFilter - ok
20:38:26.0070 4484 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:38:26.0086 4484 mpio - ok
20:38:26.0117 4484 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:38:26.0117 4484 mpsdrv - ok
20:38:26.0164 4484 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:38:26.0180 4484 MpsSvc - ok
20:38:26.0211 4484 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:38:26.0211 4484 MRxDAV - ok
20:38:26.0242 4484 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:38:26.0258 4484 mrxsmb - ok
20:38:26.0289 4484 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:38:26.0304 4484 mrxsmb10 - ok
20:38:26.0320 4484 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:38:26.0320 4484 mrxsmb20 - ok
20:38:26.0336 4484 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:38:26.0336 4484 msahci - ok
20:38:26.0351 4484 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:38:26.0351 4484 msdsm - ok
20:38:26.0382 4484 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
20:38:26.0382 4484 MSDTC - ok
20:38:26.0414 4484 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:38:26.0414 4484 Msfs - ok
20:38:26.0414 4484 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:38:26.0414 4484 mshidkmdf - ok
20:38:26.0460 4484 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:38:26.0460 4484 msisadrv - ok
20:38:26.0492 4484 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:38:26.0492 4484 MSiSCSI - ok
20:38:26.0492 4484 msiserver - ok
20:38:26.0538 4484 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:38:26.0538 4484 MSKSSRV - ok
20:38:26.0601 4484 [ 59faaf2c83c8169ea20f9e335e418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:38:26.0601 4484 MsMpSvc - ok
20:38:26.0616 4484 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:38:26.0616 4484 MSPCLOCK - ok
20:38:26.0632 4484 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:38:26.0632 4484 MSPQM - ok
20:38:26.0679 4484 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:38:26.0679 4484 MsRPC - ok
20:38:26.0694 4484 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:38:26.0694 4484 mssmbios - ok
20:38:26.0710 4484 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:38:26.0726 4484 MSTEE - ok
20:38:26.0741 4484 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:38:26.0741 4484 MTConfig - ok
20:38:26.0757 4484 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:38:26.0757 4484 Mup - ok
20:38:26.0772 4484 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll
20:38:26.0788 4484 napagent - ok
20:38:26.0819 4484 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:38:26.0835 4484 NativeWifiP - ok
20:38:26.0882 4484 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\Windows\system32\drivers\ndis.sys
20:38:26.0897 4484 NDIS - ok
20:38:26.0928 4484 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:38:26.0928 4484 NdisCap - ok
20:38:26.0960 4484 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:38:26.0960 4484 NdisTapi - ok
20:38:26.0991 4484 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:38:26.0991 4484 Ndisuio - ok
20:38:27.0022 4484 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:38:27.0022 4484 NdisWan - ok
20:38:27.0053 4484 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:38:27.0053 4484 NDProxy - ok
20:38:27.0116 4484 [ d5ac41ae382738483faffbd7e373d49a ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
20:38:27.0131 4484 Net Driver HPZ12 - ok
20:38:27.0147 4484 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:38:27.0147 4484 NetBIOS - ok
20:38:27.0194 4484 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:38:27.0194 4484 NetBT - ok
20:38:27.0209 4484 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe
20:38:27.0209 4484 Netlogon - ok
20:38:27.0240 4484 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
20:38:27.0256 4484 Netman - ok
20:38:27.0272 4484 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
20:38:27.0287 4484 netprofm - ok
20:38:27.0318 4484 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:38:27.0318 4484 NetTcpPortSharing - ok
20:38:27.0506 4484 [ e72f4522801ffb8f0456924fb0017bff ] NETw1v64 C:\Windows\system32\DRIVERS\NETw1v64.sys
20:38:27.0599 4484 NETw1v64 - ok
20:38:27.0802 4484 [ 39ede676d17f37af4573c2b33ec28aca ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
20:38:27.0927 4484 NETw5s64 - ok
20:38:28.0067 4484 [ 64428dfdaf6e88366cb51f45a79c5f69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
20:38:28.0145 4484 netw5v64 - ok
20:38:28.0176 4484 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:38:28.0192 4484 nfrd960 - ok
20:38:28.0254 4484 [ 91b4e0273d2f6c24ef845f2b41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:38:28.0254 4484 NisDrv - ok
20:38:28.0286 4484 [ 10a43829a9e606af3eef25a1c1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
20:38:28.0301 4484 NisSrv - ok
20:38:28.0364 4484 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:38:28.0364 4484 NlaSvc - ok
20:38:28.0395 4484 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:38:28.0395 4484 Npfs - ok

#23 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 18 August 2012 - 07:10 PM

Your PC is clean.

However, to be utterly sure, you might like to scan it from outside of Windows. The Kaspersky 10 disk is a useful thing to have.

Before you use it, make a Restore Point, or better yet a full disk image. Start > Backup. Make a Rescue Disk (keep it in a safe place) and optionally a full image.

Read all these directions before proceeding.

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.

Be sure to read these:
Download Kaspersky Rescue Disk 10
How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?
How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?


Summarizing:
  • Go to a clean PC.
  • Download the .iso image file.
  • Create a CD (or flash drive if you prefer).
  • At the infected PC: put the disk in the drive and reboot.

Follow the directions here, but you will find some differences.

Familiarize yourself with How to create a report file in Kaspersky Rescue Disk 10?

Print the following directions:

Boot from Kaspersky Rescue Disk 10:
  • Restart your computer and put the disk in the drive while booting.
  • Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key in 10 seconds, the computer boots from hard drive automatically.
  • Select the required interface language using the arrow-keys on your keyboard.
  • Press the Enter key on the keyboard.
  • In the start up wizard window that opens, select the Kaspersky Rescue Disk. Graphic Mode
  • Click Enter.
  • Click 'A' to accept the agreement.
  • Select operating system from dropdown menu (select Windows whatever)
  • Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:
  • Click My Update Center and update if any available
  • Back to other tab and click Start Object Scan. (It took 3 hours to scan my 47G)

When scan has completed save a report:
  • On the upper part of the Kaspersky Rescue Disk window, click on the Report link.
  • On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.
  • On the upper right hand corner of the Detailed report window, click on the Save button.
  • After clicking Detailed Report and 'SAVE', a browse window opens.
  • Double-click on the \
  • Click 'disks'.
  • All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.
  • Click on the Save button.
  • The report has been saved to the file.

Remove the disk from the drive (or disconnect USB) and reboot normally.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#24 krtate

krtate

    Advanced Member

  • Full Member
  • PipPipPip
  • 171 posts

Posted 21 August 2012 - 06:07 AM

Thank you, I'll probably give it a try over the next few days. Will post if anything comes up. Thanks again for your assistance. You and the others on the team are a blessing to those of us with limited computer know how.

#25 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 21 August 2012 - 09:08 AM

OK.. I'll be closing this thread in a few days (but you'll be able to have it reopened). You're very welcome.

#26 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 08 September 2012 - 04:03 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.